Solved

Sync local AD passwords to Office 365?

Posted on 2014-07-24
9
509 Views
Last Modified: 2014-08-11
I am reading through a lot of information about Office 365 and AD password sync/dirsync, etc. and getting a tad confused as to the best path to take.

I am looking for the simplest way to have my local AD passwords get synced with Office 365 accounts. I don't care about 2 way sync, just something simple to take my AD passwords and have them overwrite the Office 365 passwords.

thanks
0
Comment
Question by:mvalpreda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40218368
There is one (and only one) way to do that. Dirsync.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 40218379
Will Dirsync allow me to choose what I want to sync? Do I need to set up AD FS?
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40218386
Dirsync syncs all of the object types and attributes it supports. There is no selective syncing. ADFS does not sync at all. It is a different set of tools to address different scenarios... mainly true single sign-on scenarios when it comes to O365.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 2

Author Comment

by:mvalpreda
ID: 40218405
If I have a bunch of old user objects in AD....how will it process those? Or just skip them if the UPN doesn't match anything at O365?
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40218414
They will get synced like everything else. Dirsync does not activate any licenses. It is still up to you to do that. You'll just see a bunch of inactive accounts in O365 after the first sync. It is best to clean up AD before dirsync if you have a bunch of objects not in use.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 40218419
If I sync and then clean up AD, will it delete those inactive accounts from O365?

Is it best to have the UPN set up on all my accounts to match email addresses in O365?
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40218445
If you are going to run DirSync, you need to understand how it runs and how to administer it. Read the documentation. Truly. All these questions are answered in there and running it without reading about it is a great way to get yourself in trouble. It is a lot more efficient than playing whack-a-mole with all these questions.
0
 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 250 total points
ID: 40218563
You can configure filtering for dirsync, so that only select object are synced to O365:

http://technet.microsoft.com/en-us/library/jj710171.aspx

Here's also comparison between using dirsync with password sync and AD FS:

http://blogs.office.com/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365/
0
 
LVL 7

Assisted Solution

by:Philonator
Philonator earned 250 total points
ID: 40226732
There are four viable options

1.  use Dir Sync with password sync

2. Use ADFS which will federate your domain to the cloud

3. user power shell and set all your user passwords to never change:
Connect-MsolService -cred $cred
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

4. Use a third party tool like:
http://www.messageops.com/software/office-365-tools-and-utilities/office-365-password-synchronization/
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Adoption of Microsoft’s Enterprise Mobility and Security solution and Office 365 will re-order the File Sync and Share market Microsoft has stated that its Enterprise Mobility + Security (EMS) is the fastest growing product in the history of the …
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question